According to Symantec, spam is currently at its lowest level since the McColo takedown in November 2008.
Symantec announced the publication of its June 2011 Symantec Intelligence Report, the first Symantec report to combine the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month’s analysis reveals that spam is currently at the lowest level it has been since the takedown of McColo, a California based ISP which hosted command and control channels for a number of major botnets, in November 2008.
Since the shutdown of Rustock, the largest spam-sending botnet, in March 2011, the volume of spam in global circulation each day continues to fluctuate. Spam accounted for 72.9 percent of email in June, returning to the same level as in April earlier this year. According to Symantec Intelligence, 76.6 percent of this spam was sent by botnets, compared with 83.1 percent in March.
‚Despite the decrease in botnet spam this month, they should still be considered a dangerous force on the Internet. Cybercriminals continue to use botnets to conduct distributed denial of service attacks (DDoS), carry out fraudulent click-thrus on unsuspecting websites for financial gain, host illegal Web site content on infected computers, harvest personal data from infected users and install spyware to track victims’ activities online,‚ said Paul Wood, senior intelligence analyst, Symantec.cloud.
‚Spam remains a huge problem and spam levels continue to be unpredictable. Following the disruption of Rustock in March, approximately 36.9 billion spam emails were in circulation each day during April. This number rose to 41.7 billion in May, before falling back to 39.2 billion in June. During the same period last year, spam accounted for 121.5 billion emails in global circulation each day, equivalent to 89.3 percent of email traffic in June 2010. Over a twelve month period, a drop of 68.7 percent in volume resulted in a fall of only 16.4 percentage points in the overall global spam rate,‚ added Wood.
In the latest analysis, spam relating to pharmaceutical products accounted for 40 percent of all spam in June 2011, declining from 64.2 percent at the end of 2010. Spam subject line analysis shows that adult spam continue to flourish.
According to the Symantec Intelligence Report, spam messages promoting pharmaceutical products have been the most commonly seen spam attacks in June. Pharmaceutical products are deceptively marketed through spam emails employing a variety of obfuscation techniques. This month’s report highlights the changing nature of the spam-sending botnet landscape and online pharmacy spam using two different angles: a spoof of an online video sharing service and a new online pharmacy brand, perhaps seeking to exploit the popularity of the ‚wiki‚ name in a number of high-profile Web sites.
Last month, Symantec Intelligence also identified a new spam tactic being used, which introduced the ‚Wiki‚ name prefix for the promotion of fake pharmaceutical products relating to a new pharmacy brand, WikiPharmacy. The ‚Subject:‚ line in these attacks has a lot of randomisation contained in the text. The ‚From:‚ header is either fake or a hijacked ISP account that gives a personalised appearance to the email.
Other report highlights:
Spam: In June 2011, the global ratio of spam in email traffic decreased by 2.9 percent since May 2011 to 72.9 percent (1 in 1.37 emails).
Phishing: In June, phishing activity decreased by 0.06 percent since May 2011: one in 286.7 emails (0.349 percent) comprised some form of phishing attack.
E-mail-borne threats: The global ratio of email-borne viruses in email traffic was one in 300.7 emails (0.333 percent) in June, a decrease of 0.117 percentage points since May 2011.
Web-based malware threats: In June, MessageLabs Intelligence identified an average of 5,415 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware: an increase of 70.8percent since May 2011.
Endpoint threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit, a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions.
As the global spam level declined in June 2011, Saudi Arabia became the most spammed geography, with a spam rate of 82.2 percent, overtaking Russia, which moved into second position.
In the US, 73.7 percent of email was spam and 72.0 percent in Canada.
The spam level in the UK was 72.6 percent.
In The Netherlands, spam accounted for 73.0 percent of email traffic, 71.8 percent in Germany, 71.9 percent in Denmark and 70.4 percent in Australia.
In Hong Kong, 72.2 percent of email was blocked as spam and 71.2 percent in Singapore, compared with 69.2 percent in Japan. Spam accounted for 72.3 percent of email traffic in South Africa and 73.4 percent in Brazil.
South Africa remained the most targeted geography for phishing emails in June, with 1 in 111.7 emails identified as phishing attacks.
In the UK, phishing accounted for 1 in 130.2 emails.
Phishing levels for the US were 1 in 1,270 and 1 in 207.7 for Canada.
In Germany phishing levels were 1 in 1,375, 1 in 2,043 in Denmark and 1 in 543.7 in The Netherlands.
In Australia, phishing activity accounted for 1 in 565.2 emails and 1 in 2,404 in Hong Kong.
For Japan it was 1 in 11,179 and 1 in 2,456 for Singapore.
In Brazil, 1 in 409.8 emails were blocked as phishing attacks.
The UK remained the geography with the highest ratio of malicious emails in June, as one in 131.9 emails was blocked as malicious in June.
In the US, virus levels for email-borne malware were 1 in 805.2 and 1 in 297.7 for Canada.
In Germany virus activity reached 1 in 721.0, 1 in 1,310 in Denmark and in The Netherlands 1 in 390.3.
In Australia, 1 in 374.5 emails were malicious and 1 in 666.5 in Hong Kong.
For Japan it was 1 in 2,114, compared with 1 in 946.7 in Singapore.
In South Africa, 1 in 280.9 emails and 1 in 278.9 emails in Brazil contained malicious content.
The Public Sector remained the most targeted by phishing activity in June, with 1 in 83.7 emails comprising a phishing attack. Phishing levels for the Chemical & Pharmaceutical sector were 1 in 897.3 and 1 in 798.3 for the IT Services sector: 1 in 663.2 for Retail, 1 in 151.4 for Education and 1 in 160.8 for Finance.
With 1 in 73.1 emails being blocked as malicious, the Public Sector remained the most targeted industry in June. Virus levels for the Chemical & Pharmaceutical sector were 1 in 509.4 and 1 in 513.8 for the IT Services sector: 1 in 532.8 for Retail, 1 in 130.4 for Education and 1 in 182.3 for Finance.
The June 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.symanteccloud.com/globalthreats/overview/r_mli_reports